Exploited: The Cyber Truth

You Can’t Patch Your Way Out of This: What Mythos Means for the Future of Cybersecurity

In this episode of Exploited: The Cyber Truth, RunSafe Security Founder and CEO Joe Saunders and EVP and CSO Doug Britton join us for a strategic discussion on what Anthropic’s “Mythos moment” means for the future of cyber defense. Joe and Doug explore why AI-driven vulnerability discovery marks a fundamental turning point for enterprises, critical infrastructure, and national security. As AI accelerates the discovery and weaponization of vulnerabilities, traditional patch-and-remediate strategies are becoming increasingly unsustainable, especially for safety-critical and mission-critical systems that cannot be patched quickly or frequently. Together, Joe and Doug examine: * Why “find and fix” alone cannot scale in the AI era * How AI is shifting the balance between attackers and defenders * Why patch timelines are widening as vulnerability discovery accelerates * The growing need for resilience-based cybersecurity * How organizations can reduce exploitability without rewriting legacy systems * Why mitigation technologies are becoming essential for critical infrastructure and national security Whether you secure embedded systems, manage cyber risk across critical infrastructure, or lead product security strategy, this episode makes the case for a new approach: one built not around chasing every vulnerability faster, but around ensuring systems remain resilient even when flaws exist.

The Next Cyber Crisis Won’t Be One Hospital—It Could Be the Entire Health System

In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Greg Garcia, Executive Director for Cybersecurity of the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, to examine how ransomware, third-party dependencies, and interconnected healthcare infrastructure are shaping cyber risk across the healthcare sector. Drawing on experience spanning DHS, critical infrastructure protection, and healthcare cybersecurity coordination, Garcia explains how disruptions at a single vendor or service provider can cascade across hospitals, pharmacies, insurers, and patients nationwide. Together, they explore: * Why healthcare cyber risk is shifting from isolated breaches to systemic disruption * How ransomware and third-party compromises create cascading operational impacts * Lessons from the Change Healthcare ransomware attack * The growing challenge of securing connected healthcare systems and medical devices * Why patching alone cannot keep pace with modern cyber threats * The role of collaboration and resilience in protecting critical healthcare infrastructure From healthcare providers and medical device manufacturers to policymakers and critical infrastructure leaders, this episode explores what organizations must understand to prepare for the next generation of healthcare cyber threats.

Trust at Machine Speed: AI, DevSecOps, and Zero Trust in National Security Software

Artificial intelligence is moving faster than the policies, security controls, and acquisition processes designed to govern it—especially in national security environments where preventing failure is mission-critical. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by Nicolas Chaillan, the host of In the Nic of Time and Former DAF CSO, to examine a central question: how do you build trust in systems that operate, adapt, and make decisions at machine speed? Drawing on his experience deploying DevSecOps across the Department of Defense and building large-scale AI platforms, Chaillan offers a direct perspective on what’s working, what isn’t, and where organizations are falling behind. Together, they explore: * Why multi-model AI strategies are critical to avoid lock-in and improve outcomes * How AI is accelerating software development, testing, and security workflows * Where policy and governance are lagging behind technical reality * The risks of restricting access to critical AI capabilities * What zero trust looks like in systems driven by automation and AI From defense systems to software pipelines, this episode examines what it takes to move fast without losing control—and what leaders need to understand as AI becomes embedded across the mission stack.

The Invisible Attack Surface: Cybersecurity for Embedded Systems

Embedded systems power everything from critical infrastructure to defense systems, yet vulnerabilities in those systems often go unseen and unaddressed. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and special guests Mario Zuniga and Matt Janson of MITRE to discuss the “invisible attack surface” lurking within embedded and cyber-physical systems. Drawing on their frontline experience in cyber operations and resiliency engineering, Mario and Matt explain why embedded systems demand a fundamentally different approach to cybersecurity. From limited patching capabilities and long system lifecycles to unique hardware and firmware attack vectors, traditional IT security models fall short in these environments. Together, they discuss: * Why embedded systems are often overlooked in cybersecurity strategies * How attackers exploit firmware, hardware interfaces, and air-gapped environments * The challenges of securing systems that must remain operational for decades * The role of MITRE’s embedded threat matrix (ESTEEM) in mapping adversary behavior * Why resilience—not just prevention—is key to defending critical infrastructure From industrial control systems to national defense, this episode reveals what it takes to secure the technologies that quietly underpin modern society and why the time to act is now.

AI vs. Vulnerabilities: Who Really Wins?

Artificial intelligence is transforming cybersecurity but not in the way many expect. While defenders are using AI to accelerate detection, triage, and threat hunting, adversaries are leveraging the same tools to scale reconnaissance, automate exploit development, and dramatically increase the speed of attack. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Joe Slowik, Director of Cybersecurity Alerting Strategy at Dataminr, to discuss one critical question: Does AI actually reduce vulnerability risk or just accelerate the conflict? With a background including MITRE ATT&CK, Dragos, Los Alamos National Laboratory, and U.S. government offensive operations, Slowik offers a dual-lens perspective on how AI is reshaping both sides of cybersecurity. Together, they explore: * How AI is increasing the velocity of vulnerability discovery and exploitation * Why attackers may benefit from “good enough” AI outputs, while defenders require precision * The rise in CVEs and why more vulnerabilities doesn’t necessarily mean worse security * The growing risk in OT, IoT, and unmanaged edge devices * Why AI is a powerful tool—not a magic bullet—and what that means for defenders From enterprise security teams to critical infrastructure operators, this episode breaks down what security leaders must understand to stay ahead in an AI-accelerated threat landscape.